comic strip maker

on Rabu, 24 Juni 2009
/ Comments: (0)
suka bikin comic strip? punya banyak ide? pengen terkenal kayak chickenstrip? ada cara gampang bikinnya.. salah satunya adalah.. witty... simple kok... lo pasti bisa dan online.... cuman lo harus jadi memebr kalo mo ngesavenya...

Bad boys

on Rabu, 17 Juni 2009
Labels: / Comments: (0)

belakangan ini gw lagi research tool untuk web testing, salah satu yang menarik adalah bad boy. selain berbasis GUI dan tambahan script2, serta variabel yang bisa di link ke database ato excel. simpel digunakan dan free untuk 5 user, masih ngulik-ngulik cara akses APInya melalui javascript...

selain itu ada juga watin untuk create testing di VS.NET... cuman ya harus develop dulu berikut contoh skenario testing untuk halaman login dengan mencoba2 inputan dari array, codingnya masih kasar nih... maklum namanya juga contoh.

Sub Main()
Dim browser As New IE("http://localhost/website/login.asp")
Dim User() As String = {"user", "admin", "test", "testingusers", "1", "2"}
Dim pwd() As String = {"password", "admins", "tester", "testingusers", "1", "2"}
Dim i As Integer

For i = 0 To User.Length - 1
If browser.TextField(Find.ByName("login")).Exists Then
browser.TextField(Find.ByName("user")).TypeText(User(i))
browser.TextField(Find.ByName("password")).TypeText(pwd(i))
browser.Button(Find.ByName("btnLogin")).Click()
Else
MsgBox("User = " & User(i - 1) & vbCrLf & "Password = " & pwd(i - 1))
Exit For
End If
Next
End Sub

wish me luck othree....

happy coding

ASP script untuk mencegah SQL injection

on Selasa, 02 Juni 2009
Labels: / Comments: (0)
berikut adalah script buat mencegah SQL injection... gw lupa dapat darimana, intinya dia melacak karakter-karakter yang bisa dipakai buat SQL injection. sriptnya menscan input secara keseluruhan baik dari form, URL bahkan cookies. ditulis dalam ASP.
'  Author: Nazim Lala
'
'  This is the include file to use with your asp pages to
'  validate input for SQL injection.

Dim BlackList, ErrorPage, s

'
'  Below is a black list that will block certain SQL commands and
'  sequences used in SQL injection will help with input sanitization
'
'  However this is may not suffice, because:
'  1) These might not cover all the cases (like encoded characters)
'  2) This may disallow legitimate input
'
'  Creating a raw sql query strings by concatenating user input is
'  unsafe programming practice. It is advised that you use parameterized
'  SQL instead. Check http://support.microsoft.com/kb/q164485/ for information
'  on how to do this using ADO from ASP.
'
'  Moreover, you need to also implement a white list for your parameters.
'  For example, if you are expecting input for a zipcode you should create
'  a validation rule that will only allow 5 characters in [0-9].
'

BlackList = Array("--", ";", "/*", "*/", "@@", "@",_
                "char", "nchar", "varchar", "nvarchar",_
                "alter", "begin", "cast", "create", "cursor",_
                "declare", "delete", "drop", "end", "exec",_
                "execute", "fetch", "insert", "kill", "open",_
                "select", "sys", "sysobjects", "syscolumns",_
                "table", "update")


'  Populate the error page you want to redirect to in case the
'  check fails.

ErrorPage = "ErrorPage.asp"

'''''''''''''''''''''''''''''''''''''''''''''''''''            
'  This function does not check for encoded characters
'  since we do not know the form of encoding your application
'  uses. Add the appropriate logic to deal with encoded characters
'  in here
'''''''''''''''''''''''''''''''''''''''''''''''''''
Function CheckStringForSQL(str)
On Error Resume Next

Dim lstr

' If the string is empty, return true
If ( IsEmpty(str) ) Then
CheckStringForSQL = false
Exit Function
ElseIf ( StrComp(str, "") = 0 ) Then
CheckStringForSQL = false
 Exit Function
End If

lstr = LCase(str)

' Check if the string contains any patterns in our
' black list
For Each s in BlackList

If ( InStr (lstr, s) <> 0 ) Then
CheckStringForSQL = true
Exit Function
  End If

Next

CheckStringForSQL = false

End Function


'''''''''''''''''''''''''''''''''''''''''''''''''''
'  Check forms data
'''''''''''''''''''''''''''''''''''''''''''''''''''

For Each s in Request.Form
If ( CheckStringForSQL(Request.Form(s)) ) Then

' Redirect to an error page
Response.Redirect(ErrorPage)

End If
Next

'''''''''''''''''''''''''''''''''''''''''''''''''''
'  Check query string
'''''''''''''''''''''''''''''''''''''''''''''''''''

For Each s in Request.QueryString
If ( CheckStringForSQL(Request.QueryString(s)) ) Then

' Redirect to error page
Response.Redirect(ErrorPage)

End If

Next


'''''''''''''''''''''''''''''''''''''''''''''''''''
'  Check cookies
'''''''''''''''''''''''''''''''''''''''''''''''''''

For Each s in Request.Cookies
If ( CheckStringForSQL(Request.Cookies(s)) ) Then

' Redirect to error page
Response.Redirect(ErrorPage)

End If

Next